what can be determined?

Refer to the exhibit. Given the output shown, what can be determined?

A. An attacker has sent a spoofed DHCP address.

B. An attacker has sent a spoofed ARP response that violates a static mapping.

C. The MAC address has matched a deny rule within the ACL.

D. This is an invalid proxy ARP packet, as indicated by the 0000.0000.0000 MAC address on the destination

Explanation:
You can create an extended ACL with MAC address mapping.
If you have a spoofed ARP packet, the message will be different from ACL-DENY: it will be DHCP Snooping Deny.
http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_arpinspect.html#wp1125009
3550(config-arp-nacl)#permit ip host 192.168.69.25 mac host 000c.2957.6b39 log
This will permit a host with an IP of 192.168.69.25 and a MAC of 00-0c-29-57-6b-39 to ARP on the network.

If Host 2 attempts to send an ARP request with the IP address 10.0.0.1, DAI drops the request and logs the following system message:
00:18:08: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Ethernet1/4, vlan 1.([0001.0001.0001/10.0.0.1/0000.0000.0000/0.0.0.0/01:53:21 UTC Fri Jun 13 2008])
00:12:08: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Ethernet2/3, vlan 1.([0002.0002.0002/10.0.0.3/0000.0000.0000/0.0.0.0/02:42:35 UTC Fri Jul 13 2008])
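
For triage, the reason code in a DAI message tells you which check dropped the packet. The following is an added example, not part of the original explanation: it parses SW_DAI lines in the layout quoted above and totals drops per port and sender. The function names and the third (ACL_DENY) sample line are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the two DHCP_SNOOPING_DENY lines quoted above, plus one
# ACL_DENY line made up for illustration (same layout, different reason code).
SAMPLE_LOG = """\
00:18:08: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Ethernet1/4, vlan 1.([0001.0001.0001/10.0.0.1/0000.0000.0000/0.0.0.0/01:53:21 UTC Fri Jun 13 2008])
00:12:08: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Ethernet2/3, vlan 1.([0002.0002.0002/10.0.0.3/0000.0000.0000/0.0.0.0/02:42:35 UTC Fri Jul 13 2008])
00:20:41: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Ethernet1/7, vlan 1.([0003.0003.0003/192.168.69.25/0000.0000.0000/0.0.0.0/03:10:02 UTC Fri Jun 13 2008])
"""

# Bracketed fields: sender MAC / sender IP / target MAC / target IP / time.
DAI_RE = re.compile(
    r"%SW_DAI-(?P<sev>\d)-(?P<reason>[A-Z_]+): (?P<count>\d+) Invalid ARPs "
    r"\((?P<op>Req|Res)\) on (?P<port>\S+), vlan (?P<vlan>\d+)\."
    r"\(\[(?P<smac>[0-9a-fA-F.]+)/(?P<sip>[\d.]+)/"
    r"(?P<tmac>[0-9a-fA-F.]+)/(?P<tip>[\d.]+)/(?P<when>[^\]]+)\]\)"
)

# Which validation source rejected the packet, keyed by the reason code.
SOURCE = {
    "DHCP_SNOOPING_DENY": "DHCP snooping binding table",
    "ACL_DENY": "ARP ACL",
}

def parse_dai(line):
    """Return a dict of fields for one SW_DAI line, or None if it is not one."""
    m = DAI_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["count"] = int(ev["count"])
    ev["vlan"] = int(ev["vlan"])
    ev["denied_by"] = SOURCE.get(ev["reason"], "other DAI check")
    return ev

def summarize(log_text):
    """Total dropped ARP packets per (port, sender MAC, sender IP, denied_by)."""
    totals = Counter()
    for line in log_text.splitlines():
        ev = parse_dai(line)
        if ev:
            key = (ev["port"], ev["smac"], ev["sip"], ev["denied_by"])
            totals[key] += ev["count"]
    return totals

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```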


